Getaddrinfo EAI_AGAIN ip-ranges.amazonaws.com

My domain is: jgni.eu

I ran this command: Add SSL certificate (in NGINX)

It produced this output: See added picture

My web server is (include version): Don't know?

The operating system my web server runs on is (include version): unRAID 6.12.14

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): unRAID/NGINX

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.

certbot certonly

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
2: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A separate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x14607afcac90>: Failed to resolve 'acme-v02.api.letsencrypt.org' ([Errno -3] Temporary failure in name resolution)"))

❯ Starting backend ...
❯ Starting nginx ...
[1/16/2025] [11:40:56 PM] [Global ] › :information_source: info Using Sqlite: /data/database.sqlite
[1/16/2025] [11:40:57 PM] [Migrate ] › :information_source: info Current database version: none
[1/16/2025] [11:40:57 PM] [Setup ] › :information_source: info Logrotate Timer initialized
[1/16/2025] [11:40:57 PM] [Global ] › ⬤ debug CMD: logrotate /etc/logrotate.d/nginx-proxy-manager
[1/16/2025] [11:40:57 PM] [Setup ] › :information_source: info Logrotate completed.
[1/16/2025] [11:40:57 PM] [IP Ranges] › :information_source: info Fetching IP Ranges from online services...
[1/16/2025] [11:40:57 PM] [IP Ranges] › :information_source: info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
[1/16/2025] [11:41:05 PM] [IP Ranges] › :heavy_multiplication_x: error getaddrinfo EAI_AGAIN ip-ranges.amazonaws.com
[1/16/2025] [11:41:05 PM] [SSL ] › :information_source: info Let's Encrypt Renewal Timer initialized
[1/16/2025] [11:41:05 PM] [SSL ] › :information_source: info Renewing SSL certs expiring within 30 days ...
[1/16/2025] [11:41:05 PM] [IP Ranges] › :information_source: info IP Ranges Renewal Timer initialized
[1/16/2025] [11:41:05 PM] [Global ] › :information_source: info Backend PID 163 listening on port 3000 ...
[1/16/2025] [11:41:05 PM] [SSL ] › :information_source: info Completed SSL cert renew process
[1/16/2025] [11:49:44 PM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;"
[1/16/2025] [11:49:44 PM] [Nginx ] › :information_source: info Reloading Nginx
[1/16/2025] [11:49:44 PM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -s reload
[1/16/2025] [11:49:49 PM] [SSL ] › :information_source: info Requesting Let'sEncrypt certificates for Cert #7: jgni.eu
[1/16/2025] [11:49:49 PM] [SSL ] › :information_source: info Command: certbot certonly --config '/etc/letsencrypt.ini' --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-7" --agree-tos --authenticator webroot --email 'web@jgni.dk' --preferred-challenges "dns,http" --domains "jgni.eu"
[1/16/2025] [11:49:49 PM] [Global ] › ⬤ debug CMD: certbot certonly --config '/etc/letsencrypt.ini' --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-7" --agree-tos --authenticator webroot --email 'web@jgni.dk' --preferred-challenges "dns,http" --domains "jgni.eu"
[1/16/2025] [11:49:58 PM] [Nginx ] › ⬤ debug Deleting file: /data/nginx/temp/letsencrypt_7.conf
[1/16/2025] [11:49:58 PM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -t -g "error_log off;"
[1/16/2025] [11:49:58 PM] [Nginx ] › :information_source: info Reloading Nginx
[1/16/2025] [11:49:58 PM] [Global ] › ⬤ debug CMD: /usr/sbin/nginx -s reload
[1/16/2025] [11:49:58 PM] [Express ] › :warning: warning Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
An unexpected error occurred:
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NameResolutionError("<urllib3.connection.HTTPSConnection object at 0x15401e48aed0>: Failed to resolve 'acme-v02.api.letsencrypt.org' ([Errno -3] Temporary failure in name resolution)"))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

Certbot is failing as your local DNS resolving is broken. That is probably best asked about on the NPM support channels.

From that same host or container if you tried below it would also fail

dig google.com
5 Likes

Your webserver is nginx. Everywhere you've mentioned "nginx" yourself, you probably mean "Nginx Proxy Manager", which is some kind of horrible Node.js thing around nginx. And with "horrible" I mean "very difficult to debug for us on this Community" due to the design/implementation of their certificate handling. (I don't have experience with it personally and I want to keep it that way, just the experience of us volunteers with NPM on this Community and the grey hairs it causes..)

Other than that I don't have any additions next to what Mike already said.

3 Likes

So what do you suggest I install instead?

I'm not familiar with unRAID nor with your requirements, but personally I just use Certbot directly and configure any webserver manually on my system.

Does this error message help us in any way?

That's the same error you showed in post #3. Have you asked about this on the NPM support channel?

1 Like

Sorry, you're right. I've deleted it now. Because of the email was shown.
No, I haven't Let me see if I can figure out where that is.

If you're just looking for a reverse proxy to handle certificates automatically, Caddy is a really good choice.

But regardless, you'd have to fix outbound Internet connectivity from wherever you're running things.

5 Likes

I’ve read and seen several videos about it. Might be the way to go now.
Thanks for reminding me.